CVE List - 2025 / July
Showing 501 - 600 of 3776 CVEs for July 2025 (Page 6 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-7069 | 2025-07-04 | HDF5 H5FSsection.c H5FS__sect_link_size heap-based overflow |
| CVE-2025-7070 | 2025-07-04 | IROAD Dashcam Q9 MFA Pairing Request allocation of resources |
| CVE-2025-53365 | 2025-07-04 | MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service |
| CVE-2025-53366 | 2025-07-04 | MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service |
| CVE-2025-48952 | 2025-07-04 | NetAlertX has Password Bypass Vulnerability due to Loose Comparison in PHP |
| CVE-2023-50786 | 2025-07-05 | Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to... |
| CVE-2025-47227 | 2025-07-05 | In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php is sufficient. An... |
| CVE-2025-47228 | 2025-07-05 | In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests. |
| CVE-2025-53603 | 2025-07-05 | In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate... |
| CVE-2025-53604 | 2025-07-05 | The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header. |
| CVE-2025-53605 | 2025-07-05 | The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. |
| CVE-2025-7074 | 2025-07-05 | vercel hyper rimraf-standalone.js ignoreMap redos |
| CVE-2025-7075 | 2025-07-05 | BlackVue Dashcam 590X HTTP Endpoint upload.cgi unrestricted upload |
| CVE-2025-7076 | 2025-07-06 | BlackVue Dashcam 590X Configuration upload.cgi access control |
| CVE-2025-27446 | 2025-07-06 | Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges |
| CVE-2025-7077 | 2025-07-06 | Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow |
| CVE-2025-7078 | 2025-07-06 | 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery |
| CVE-2025-38235 | 2025-07-06 | HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting |
| CVE-2025-7079 | 2025-07-06 | mao888 bluebell-plus JWT Token jwt.go hard-coded password |
| CVE-2025-7080 | 2025-07-06 | Done-0 Jank JWT Token jwt_utils.go hard-coded password |
| CVE-2025-7081 | 2025-07-06 | Belkin F9K1122 webs formSetWanStatic os command injection |
| CVE-2025-5333 | 2025-07-06 | Unauthenticated Remote Code Execution in IT Management Suite |
| CVE-2025-7082 | 2025-07-06 | Belkin F9K1122 webs formBSSetSitesurvey os command injection |
| CVE-2025-7083 | 2025-07-06 | Belkin F9K1122 webs mp os command injection |
| CVE-2025-7084 | 2025-07-06 | Belkin F9K1122 webs formWpsStart stack-based overflow |
| CVE-2025-7085 | 2025-07-06 | Belkin F9K1122 webs formiNICWpsStart stack-based overflow |
| CVE-2025-7086 | 2025-07-06 | Belkin F9K1122 webs formPPTPSetup stack-based overflow |
| CVE-2025-7087 | 2025-07-06 | Belkin F9K1122 webs formL2TPSetup stack-based overflow |
| CVE-2025-7088 | 2025-07-06 | Belkin F9K1122 webs formPPPoESetup stack-based overflow |
| CVE-2025-7089 | 2025-07-06 | Belkin F9K1122 webs formWanTcpipSetup stack-based overflow |
| CVE-2025-7090 | 2025-07-06 | Belkin F9K1122 webs formConnectionSetting stack-based overflow |
| CVE-2025-7091 | 2025-07-06 | Belkin F9K1122 webs formWlanMP stack-based overflow |
| CVE-2025-7092 | 2025-07-06 | Belkin F9K1122 webs formWlanSetupWPS stack-based overflow |
| CVE-2025-7093 | 2025-07-06 | Belkin F9K1122 webs formSetLanguage stack-based overflow |
| CVE-2025-7094 | 2025-07-06 | Belkin F9K1122 webs formBSSetSitesurvey stack-based overflow |
| CVE-2025-7095 | 2025-07-06 | Comodo Internet Security Premium Update certificate validation |
| CVE-2025-7096 | 2025-07-06 | Comodo Internet Security Premium Manifest File cis_update_x64.xml integrity check |
| CVE-2025-7097 | 2025-07-06 | Comodo Internet Security Premium Manifest File cis_update_x64.xml os command injection |
| CVE-2025-3108 | 2025-07-06 | Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index |
| CVE-2025-7098 | 2025-07-06 | Comodo Internet Security Premium File Name path traversal |
| CVE-2025-7099 | 2025-07-06 | BoyunCMS Installation install2.php deserialization |
| CVE-2023-51232 | 2025-07-07 | Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names... |
| CVE-2024-25176 | 2025-07-07 | LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c. |
| CVE-2024-25177 | 2025-07-07 | LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS). |
| CVE-2024-25178 | 2025-07-07 | LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c. |
| CVE-2024-37656 | 2025-07-07 | An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php. |
| CVE-2024-37657 | 2025-07-07 | An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/login.php component. |
| CVE-2024-37658 | 2025-07-07 | An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php. |
| CVE-2025-26780 | 2025-07-07 | An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via... |
| CVE-2025-43930 | 2025-07-07 | Hashview 0.8.1 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header. |
| CVE-2025-43931 | 2025-07-07 | flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header. |
| CVE-2025-43932 | 2025-07-07 | JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header. |
| CVE-2025-43933 | 2025-07-07 | fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header. |
| CVE-2025-45065 | 2025-07-07 | employee record management system in php and mysql v1 was discovered to contain a SQL injection vulnerability via the loginerms.php endpoint. |
| CVE-2025-45479 | 2025-07-07 | Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container. |
| CVE-2025-47202 | 2025-07-07 | In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem... |
| CVE-2025-52492 | 2025-07-07 | A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains... |
| CVE-2025-7100 | 2025-07-07 | BoyunCMS Index.php unrestricted upload |
| CVE-2025-7101 | 2025-07-07 | BoyunCMS Configuration File install_ok.php code injection |
| CVE-2025-7102 | 2025-07-07 | BoyunCMS Server.php sql injection |
| CVE-2025-7103 | 2025-07-07 | BoyunCMS curl Index.php server-side request forgery |
| CVE-2025-53167 | 2025-07-07 | Authentication vulnerability in the distributed collaboration framework module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-53168 | 2025-07-07 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras. Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera... |
| CVE-2025-53169 | 2025-07-07 | Vulnerability of bypassing the process to start SA and use related functions on distributed cameras. Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera... |
| CVE-2025-53170 | 2025-07-07 | Null pointer dereference vulnerability in the application exit cause module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2024-58117 | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-7107 | 2025-07-07 | SimStudioAI sim route.ts handleLocalFile path traversal |
| CVE-2025-53171 | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53172 | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53173 | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53174 | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53175 | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53176 | 2025-07-07 | Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function. |
| CVE-2025-53177 | 2025-07-07 | Permission bypass vulnerability in the calendar storage module. Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches. |
| CVE-2025-7145 | 2025-07-07 | TeamT5|ThreatSonar Anti-Ransomware - OS Command Injection |
| CVE-2025-53178 | 2025-07-07 | Permission bypass vulnerability in the calendar storage module. Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units. |
| CVE-2025-53179 | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53180 | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53181 | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53182 | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53183 | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-7108 | 2025-07-07 | risesoft-y9 Digital-Infrastructure Y9FileController.java deleteFile path traversal |
| CVE-2025-53184 | 2025-07-07 | Null pointer dereference vulnerability in the PDF preview module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-53185 | 2025-07-07 | Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2025-53186 | 2025-07-07 | Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-7109 | 2025-07-07 | Portabilis i-Educar Student Benefits Registration educar_aluno_beneficio_lst.php cross site scripting |
| CVE-2025-7110 | 2025-07-07 | Portabilis i-Educar School Module educar_escola_lst.php cross site scripting |
| CVE-2025-7111 | 2025-07-07 | Portabilis i-Educar Course Module educar_curso_det.php cross site scripting |
| CVE-2025-7112 | 2025-07-07 | Portabilis i-Educar Function Management Module educar_funcao_det.php cross site scripting |
| CVE-2025-48501 | 2025-07-07 | An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, arbitrary OS commands may be executed on the server where... |
| CVE-2025-53473 | 2025-07-07 | Server-side request forgery (SSRF) vulnerability exists in multiple versions of Nimesa Backup and Recovery. If this vulnerability is exploited, unintended requests may be sent to internal servers. |
| CVE-2025-24508 | 2025-07-07 | Offline Extraction of Account Connectivity Credentials (ACCs) in IT Management Suite |
| CVE-2025-7113 | 2025-07-07 | Portabilis i-Educar Curricular Components Module edit cross site scripting |
| CVE-2025-7114 | 2025-07-07 | SimStudioAI sim Session route.ts POST missing authentication |
| CVE-2025-7115 | 2025-07-07 | rowboatlabs rowboat Session route.ts PUT missing authentication |
| CVE-2025-41672 | 2025-07-07 | WAGO: Vulnerability in WAGO Device Sphere |
| CVE-2025-7116 | 2025-07-07 | UTT 进取 750W Fast_wireless_conf buffer overflow |
| CVE-2025-7117 | 2025-07-07 | UTT HiPER 840G websWhiteList buffer overflow |
| CVE-2025-7118 | 2025-07-07 | UTT HiPER 840G formPictureUrl buffer overflow |
| CVE-2025-7119 | 2025-07-07 | Campcodes Complaint Management System index.php sql injection |